Cloud Chaos: What You Need to Know After Hackers Breach Dropbox, Evernote

Are you one of the millions of people who rely heavily on the cloud-based features of Dropbox and Evernote?

The two services make data available no matter where a user is located, but the programs are apparently not safe from the same kind of hacking and data breaches that afflict banks, schools, and every-day consumers. Recently both companies made headlines for alleged hacks into their systems.

Evernote Resets 50 Million Passwords

Evernote, the online note-sharing service, said it was resetting the passwords of its 50 million users because hackers managed to breach its computer network and access some user names, email addresses, and encrypted passwords.

“Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service.

We have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.”

Within that blog’s comments section, one user made the following statement:

“This is really disturbing. I just signed up for evernote and evernote premium just yesterday after months of considering the best way to go paperless. My decision took so long because I was concerned by the security limitations of evernote with our data sitting unencrypted on your servers. It seems my fears were warranted as I didn’t even last 24 hours on evernote without having my password reset and a leak of data occur.

I hope you reconsider and create a system that allows us to encrypt notebooks on evernote so that even a leak of our user ID and password don’t automatically lead to the threat of data loss, until then I have to reconsider what I use evernote for and frankly if I can’t use it as a truly universal dumping location for my data it might not be worthwhile to use for me at all.”

In response, however, is this truth from another commenter:

“If you judge services based on who is immune from this type of attack then you won’t use anyone.”

Dropbox Drama

Dropbox, the online storage service, also suffered a possible hack of its servers, leading to an increased amount of spam sent to users — specifically, phishing emails that were created to look like authentic emails from online payment provider PayPal.

Even worse is that a full year later the company announced another instance of phishing, though this time, embarrassingly, an employee’s account had been compromised. The account contained a project document with a list of customer email addresses. The company said it wasn’t sure how the breach happened but it’s likely the employee fell for a phishing email and unwittingly turned over their account info.

(Yikes!)

The DropBox team has reminded its users (and let’s hope, its employees, too!) that it uses several domains to run the service. If you receive a communication that purports to be from Dropbox, but it does not come from a domain listed below, be careful as it might contain malware or be a phishing attempt.

Official Email From Dropbox

All email from employees, support staff, and some service-related email (like email verification and password reset confirmations) are sent from dropbox.com or dropbox.zendesk.com